[Bug] Xiaohongshu comments command returns empty due to anti-automation detection (error 300017)

[steptian]

Bug: Xiaohongshu comments command returns empty due to anti-automation detection

Description

The opencli xiaohongshu comments command always returns empty results because Xiaohongshu (小红书) detects browser automation and redirects to an error page.

Environment

• opencli version: 1.5.3
• Node version: 22.22.1
• Browser Bridge: Connected (v1.5.3)
• OS: macOS (Darwin 24.6.0)

Steps to Reproduce

1. Ensure Chrome is running and logged into www.xiaohongshu.com
2. Run: opencli xiaohongshu comments <note-id>
3. Command returns empty array

Investigation Results

I added debug logging to the comments.ts source code and discovered:

1. Page Redirection

• Target URL: https://www.xiaohongshu.com/explore/{noteId}
• Actual URL: https://www.xiaohongshu.com/explore (redirected to homepage)

When using /search_result/{noteId}:

• Target URL: https://www.xiaohongshu.com/search_result/{noteId}
• Actual URL: https://www.xiaohongshu.com/website-login/error?error_code=300017&error_msg=访问链接异常

2. Error Page Content

安全限制
访问链接异常
300017

3. What Works vs What Doesn't

Endpoint	Status
/search_result?keyword=xxx (search)	✅ Works
/explore/{noteId} (note detail)	❌ Redirected
/search_result/{noteId} (note detail)	❌ Error page

4. Authentication Status

• Cookie count: 12 cookies present
• Login state: Valid (search works, no login button visible)
• Browser Bridge: Connected successfully

Root Cause

Xiaohongshu has anti-automation detection on note detail pages:

• Search pages (/search_result?keyword=) are accessible
• Note detail pages trigger security check (error code 300017)
• The Browser Bridge's automation signature is being detected

Related Commands Affected

• xiaohongshu comments - Cannot access note detail page
• xiaohongshu download - Also returns "No media found" for the same reason

Possible Solutions

1. Stealth mode: Implement anti-detection measures (similar to puppeteer-extra-plugin-stealth)
2. Alternative endpoints: Explore if there are API endpoints that don't trigger detection
3. User interaction flow: Guide users to manually open the note page first, then extract from existing tab

Debug Code Used

I modified comments.ts to capture page state:

const data = await page.evaluate(`
  (async () => {
    // ... existing scroll logic ...
    
    return {
      loginWall: /登录后查看|请登录/.test(document.body.innerText || ''),
      pageInfo: {
        title: document.title,
        url: location.href,
        bodyTextSample: document.body.innerText.slice(0, 500),
        cookieCount: document.cookie.split(';').length
      },
      results: []
    };
  })()
`);

Results showed redirect to homepage with only footer content visible.

Workaround

Currently no workaround available. Users must manually view comments in browser.

[Astro-Han]

This is the same root cause as #530. Xiaohongshu's anti-automation detection (error code 300017) blocks automated navigation to note detail pages, while search pages remain accessible.

Your investigation is thorough and aligns with what we found in #530: the existing loginWall check only matches "登录后查看"/"请登录", so the 300017 redirect goes undetected and the command silently returns empty.

The current stealth.ts module handles some fingerprinting signals (navigator.webdriver, CDP detection, etc.), but Xiaohongshu appears to be using more aggressive server-side detection that triggers during navigation itself, before any DOM interaction happens.

This affects comments, download, and likely any command that navigates to /explore/{noteId}.